PaperCut MF < 25.0.10 XSS (CVE-2026-4794)

The version of PaperCut MF installed on the remote Windows host is prior to 25.0.10. It is, therefore, affected by a vulnerability: - Multiple cross-site scripting XSS vulnerabilities allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This...

EUVD-2026-17271

Multiple cross-site scripting XSS vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the...

CVE-2026-4794 Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF

Multiple cross-site scripting XSS vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the...

PaperCut NG/MF 安全漏洞

PaperCut NG/MF is a printing management system developed by PaperCut Corporation. Versions of PaperCut NG/MF prior to 25.0.10 contained security vulnerabilities. These vulnerabilities stemmed from cross-site scripting vulnerabilities in multiple UI fields, which could allow for the injection of...

GHSA-MX7M-J9XF-62HW @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields

Summary A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...

@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields

Summary A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...

motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...